We have become aware of a Trojan that is being distributed via adobe PDF attachments. Do not open or click on a .pdf attachment unless you know that it is safe, or sent from someone whose identification you can verify. This is how the Trojan works: The user is sent a socially engineered email with a PDF attachment. When the victim opens the malicious PDF, his machine is pushed a Trojan that then installs the Infostealer family of malware that logs keystrokes, captures screenshots, and sends that information to its controller. Symantec has christened the Trojan as Trojan.Pidief.H. According to Adobe, they will not have a fix until 1/12/2010. So it appears the criminals have targeted the Christmas shopping season because so many online merchants send PDF receipts

If you want to read more about this, copy and paste this link to your web browser: http://www.adobe.com/support/security/advisories/apsa09-07.html, or http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=222002143

When will AVAST catch this?

Hi matt621

There can be done something in the form of protection against this: http://forum.avast.com/index.php?topic=52392.0
Then there is also full protection in the form of NoScript extension inside the Firefox or Flock browser:
http://forums.informaction.com/viewtopic.php?f=10&t=3404
And as one commented into this thread in the link:

Or you can use a different reader, especially one without any JS capability, like this older version of Foxit pdf reader, which is also 1/100 the size of Adobe Reader. So in addition to saving disk space, you've cut the total attack surface by 99%, and eliminated all parsing of JS in the reader itself. Get it here: http://www.oldversion.com/download_Foxit_Reader_2.0_Build_1516.html

I’ve been using it for a couple of years. Never had a need to read JS inside a .pdf, and don’t want to. (Freeware, no nags)

polonus